Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Published

2015-05-13T18:59:00.157

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.7 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

5.1

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	≤ 2.3.0	Yes
Application	redhat	enterprise_virtualization	3.0	Yes
Application	redhat	openstack	4.0	Yes
Application	redhat	openstack	5.0	Yes
Application	redhat	openstack	6.0	Yes
Application	redhat	openstack	7.0	Yes
Operating System	redhat	enterprise_linux	5	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	xen	xen	4.5.0	Yes

References

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html ([email protected])
http://marc.info/?l=bugtraq&m=143229451215900&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=143229451215900&w=2 ([email protected])
http://marc.info/?l=bugtraq&m=143387998230996&w=2 ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0998.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0999.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1000.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1001.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1002.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1003.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1004.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1011.html ([email protected])
http://support.citrix.com/article/CTX201078 ([email protected])
http://venom.crowdstrike.com/ ([email protected])
http://www.debian.org/security/2015/dsa-3259 ([email protected])
http://www.debian.org/security/2015/dsa-3262 ([email protected])
http://www.debian.org/security/2015/dsa-3274 ([email protected])
http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability ([email protected])
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html ([email protected])
http://www.securityfocus.com/bid/74640 ([email protected])
http://www.securitytracker.com/id/1032306 ([email protected])
http://www.securitytracker.com/id/1032311 ([email protected])
http://www.securitytracker.com/id/1032917 ([email protected])
http://www.ubuntu.com/usn/USN-2608-1 ([email protected])
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm ([email protected])
http://xenbits.xen.org/xsa/advisory-133.html ([email protected])
https://access.redhat.com/articles/1444903 ([email protected])
https://bto.bluecoat.com/security-advisory/sa95 ([email protected])
https://kb.juniper.net/JSA10783 ([email protected])
https://kc.mcafee.com/corporate/index?page=content&id=SB10118 ([email protected])
https://security.gentoo.org/glsa/201602-01 ([email protected])
https://security.gentoo.org/glsa/201604-03 ([email protected])
https://security.gentoo.org/glsa/201612-27 ([email protected])
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ ([email protected])
https://support.lenovo.com/us/en/product_security/venom ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10 ([email protected])
https://www.exploit-db.com/exploits/37053/ ([email protected])
https://www.suse.com/security/cve/CVE-2015-3456.html ([email protected])
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10693 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=143229451215900&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=143229451215900&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=143387998230996&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0998.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0999.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1000.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1001.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1002.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1003.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1004.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1011.html (af854a3a-2127-422b-91ae-364da2661108)
http://support.citrix.com/article/CTX201078 (af854a3a-2127-422b-91ae-364da2661108)
http://venom.crowdstrike.com/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3259 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3262 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3274 (af854a3a-2127-422b-91ae-364da2661108)
http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74640 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032306 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032311 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032917 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2608-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm (af854a3a-2127-422b-91ae-364da2661108)
http://xenbits.xen.org/xsa/advisory-133.html (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/articles/1444903 (af854a3a-2127-422b-91ae-364da2661108)
https://bto.bluecoat.com/security-advisory/sa95 (af854a3a-2127-422b-91ae-364da2661108)
https://kb.juniper.net/JSA10783 (af854a3a-2127-422b-91ae-364da2661108)
https://kc.mcafee.com/corporate/index?page=content&id=SB10118 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201602-01 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201604-03 (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201612-27 (af854a3a-2127-422b-91ae-364da2661108)
https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/venom (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/37053/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/security/cve/CVE-2015-3456.html (af854a3a-2127-422b-91ae-364da2661108)